Course Training Documents

• QSC 2021 VMDR Lab Tutorial Supplement
• QSC 2021 VMDR Slides

You can download both documents from:

https://bit.ly/qsc21vmdr
Play Lab Tutorials

Navigate to the following URL to view the “Configure Agents for VMDR” tutorial:

http://ior.ad/7bze
http://ior.ad/7bZE

Click to open the Lab Tutorial, maximize the screen, and click the Start button.

Configure Agents for VMDR: 15 steps / 3 mins, Nov 2020 by Qualys
Qualys VMDR Lifecycle


© Qualys. 


VMDR Agenda 


1. Asset Management
   • Qualys Sensor Overview
   • CyberSecurity Asset Management (CSAM)
2. Vulnerability Management (VM)
   • Vulnerability Findings
   • Dashboards & Widgets
3. Threat Detection & Prioritization (TP)
   • VMDR Threat Feed
   • VMDR Prioritization Report
4. Response — Patch Management (PM)
   • Deployment Jobs
   • Patch Catalog


Asset Management 


Qualys, Inc. Corporate Presentation 


CIS Control 1: Inventory and Control of Enterprise Assets

Overview

Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.

5 Safeguards | IG1 2/5 | IG2 4/5 | IG3 5/5


https://www.cisecurity.org/controls/inventory-and-control-of-enterprise-assets/ 
Qualys Sensor Platform

• Cloud Agents (servers, endpoints, mobile devices)
• Remote Scanners (Internet facing)
• Local Scanners
• Passive Scanners
• Out-of-Band Sensors
• Container Sensors
• Cloud Connectors
• SaaS Connectors
• APIs (collect data from 3rd parties)
Configure Agents for VMDR

Welcome to Qualys VMDR®

Identify Assets: Continuously discover your IT assets that are on-prem, cloud, mobile, container, applications providing 100% real-time visibility.

Discover Vulnerabilities & Misconfigurations: Detect vulnerabilities with six-sigma accuracy and use CIS Benchmarks to uncover misconfigurations.

Configure Agents for VMDR & Manage Tags

• The patching and response functions in VMDR require Cloud Agent.
• Some Agent Activation Keys may need to be updated to include the VMDR application modules (i.e., VM, CSAM, SCA, and PM).
Lab 1: Configure Agents for VMDR

Please consult pages 3 to 14 in the lab tutorial supplement for details.

Tutorial begins on page 4. 10 mins
Upgrade Agent Activation Keys

Upgrade Agents with Activation Keys

VMDR requires the activation of a purpose-built engine for detecting missing patches for Cloud Agents. Select Activation keys which you want to upgrade for VMDR. All the agents associated with those keys will be upgraded.

Manage Cloud Agent Keys (1-2 of 2; columns: MODULES, AGENTS, TAGS)

• Default VMDR Activation Key (Unlimited Key): 28f4b0cd-f622-42e0-a809-c12474161c3f. Modules listed include SCA, VM, CSAM and PM.
• Minimum Module Activation Key (Unlimited Key): 549c7a3f-fc20-44bf-8c54-e74f234b95d8. Tag: VMDR Lab.

Upgrade Agent Activation Keys to include VMDR application modules (i.e., VM, SCA, PM, CSAM).
Activation Key Tagging Strategy

BEST PRACTICE: Assign Static tags to agent Activation Keys and use them to ensure agent hosts receive their appropriate performance settings, patching licenses, and patch job assignments.

New Activation Key (screenshot): Create a new activation key. An activation key is used to install agents. This provides a way to group agents and better manage your account. By default this key is unlimited - it allows you to add any number of agents at any time.

• Title: Remote Host Activation Key
• Provision Key for these applications: CyberSecurity Asset Management, Patch Management, Vulnerability Management, Policy Compliance, Secure Config Assessment

License Consumption (screenshot): Patch Management license, Type: TRIAL. Select asset tags to include or exclude assets for patch management (Include Assets Tags: VMDR Lab, Remote).
CyberSecurity Asset Management

Discover and Inventory Assets

• Asset Inventory Data Collection
  • Passive Sensor
  • Configure CMDB Sync (if using CMDB solution)
• Normalization, Categorization & Enrichment* (performed automatically in the Qualys Cloud Platform)
• Organize and Manage Assets (configure Asset Tags)

Comprehensive Asset & Software Inventory

CSAM Catalog: Categorize, Normalize and Enrich

• Sensors: Physical Scanner, Virtual Scanner, Cloud Agent, Passive Sensor, Cloud Connector, Container Sensor, Out-of-Band, API
• Catalog data: OS/HW/SW, Category, Manufacturer, Lifecycle Stage, Support Stage, License type

Qualys CyberSecurity Asset Management (CSAM) aggregates data from all sensors.
Qualys Categorization, Normalization & Enrichment

                    Operating Systems       Hardware             Software
                    Base OS Runtime AIX:                         mysql-community-server
                    06.01.0009.0300                              5.6.35-2.el7.x86_64

Normalization & categorization
Category            UNIX > Server           Computers > Server   Databases > RDBMS
Manufacturer        IBM                     Dell                 Sun Microsystems
                                                                 MySQL Server
Version             6.1
Update              TL9 SP3
Architecture        64-Bit

Advanced asset information
Lifecycle Stage     EOL/EOS
End-of-Life         30-Apr-2015             1-Sep-2012           28-Feb-2018
End-of-Support      30-Apr-2017             1-Sep-2012           28-Feb-2021
Support Stage       Unsupported             Obsolete             Extended Support
License Type        Commercial                                   Open Source (GPL-2.0)

Search Hardware Categories

hardware.category1: value1
hardware.category2: value2
hardware.category: value1 / value2

For example:

hardware.category1: 'Networking Device'
hardware.category2: 'Switch'
hardware.category: 'Networking Device / Switch'

Search results for hardware.category: 'Networking Device/Switch' (screenshot):

• 10.46.105.2: Cisco Systems NX-OS; Cisco Systems Nexus Switch; Switch
• 10.46.105.1: Cisco Systems NX-OS; Cisco Systems Nexus Switch; Switch
• 10.46.105.3: Cisco Systems NX-OS; Cisco Systems Nexus Switch; Switch

Hardware Category List

CATEGORY                                      ASSETS
Virtualized / Virtual Machine                 589
Unidentified / Unidentified
Computers / Unidentified
Computers / Server
Networking Device / Unidentified
Virtualized / Cloud Instance
Network Security Device / Firewall Device
Networking Device / Switch
Unknown

Group assets by Hardware Category to build a list of hardware category values in your account.
Search OS Categories

operatingSystem.category1: value1
operatingSystem.category2: value2
operatingSystem.category: value1 / value2

For example:

operatingSystem.category1: 'Windows'
operatingSystem.category2: 'Server'
operatingSystem.category: 'Windows / Server'

Search results for operatingSystem.category: 'Windows/Server' (screenshot):

• EC2AMAZ-H3CN8NE (54.203.137.60,172.16.1.114; 0A:87:39:10:32:0A): Microsoft Windows Se... Datacenter 1809 64-Bit; Virtual Machine
• WIN2019SRV1ESXI (10.0.1.165,2600:8800:3780:1a:8dcb:1...; 00:0C:29:75:7C:B6): Microsoft Windows Se... Datacenter Evaluation 1809 64-Bit; VMware VMware Virtual Platfo... Virtual Machine
• WIN2008SRV2ESXI (fe80:0:0:0:203c:d6fc:e713:7e36,fd00:8...; 00:0C:29:66:A6:25): Microsoft Windows Se... Enterprise 6.1 SP1 64-Bit; VMware VMware Virtual Platfo... Virtual Machine

OS Category List (Group Assets by: OS Category, 1-18 of 18)

CATEGORY                                            ASSETS
Linux / Unidentified                                329
Windows / Server                                    260
Windows / Client                                    231
Unidentified / Unidentified                         203
Linux / Server                                      132
Network Operating System / Unidentified             89
Windows / Unidentified                              32
Virtualization / Hypervisor Type-1 (Bare Metal)     29
Mac / Client                                        19

Group assets by OS Category to build a list of operating system category values in your account.
Search Software Categories

software:(category1: value1)
software:(category2: value2)
software:(category: value1 / value2)

For example:

software:(category1: 'Security')
software:(category2: 'Endpoint Protection')
software:(category: 'Security / Endpoint Protection')

Search results for software:(category1: 'Security') (screenshot):

• Microsoft Windows Defender 4.18.1807.18075: Security / Endpoint Protection; Commercial, Free
• Privax HMA! Pro VPN 4.6.151: Security / Endpoint Protection; Commercial, Licensed
• OpenVPN 3.1.3: Security / Endpoint Protection; Open Source, GNU General Public

Software Category List (Group Software by: Category, Type: Application, 1-50 of 88)

• Network Application / Internet Browser
• Application Development / Framework
• Application Development / Development Tool
• Networking / Access Software
• Application Development / Programming Languages
• Security / Endpoint Protection
• Network Application / Web Servers
• Databases / RDBMS
• Security / Endpoint Management and Security

Group Software by Category to build a list of software category values in your account.
Lab 2: Search Using Categories

Please consult pages 15 to 16 in the lab tutorial supplement for details.

Tutorial begins on page 16. 5 mins
Software License Category

Commercial - Supported by vendor.

software:(license.category: 'Commercial')

Open Source - Free for public use.

software:(license.category: 'Open Source')
Dynamic Rule-Based Tags

Tag Type: Static or Dynamic

Tag Rules (rule engines):

• Asset Inventory
• Asset Name Contains
• IP Address In Range(s)
• IP Address In Range(s) + Network(s)
• Open Ports
• Cloud Asset Search
• Vuln(QID) Exist

The “Asset Inventory” rule engine allows you to build tags using query tokens, including the Hardware, OS, and Software category tokens.

Other “dynamic” rule engines are also available.
Lab 3: Dynamic Rule-Based Tags

Please consult page 17 in the lab tutorial supplement for details.

Tutorial begins on page 17. 5 mins
Unidentified vs. Unknown

Some OS and Hardware assets may appear as “unidentified” or “unknown.”

Unidentified

• Not enough data has been discovered/collected for Qualys to determine the asset's hardware or operating system.

Unknown

• Adequate data exists for Qualys to categorize the asset, but it has yet to be cataloged.
Network Passive Sensor

Passive Sensor Overview

• Sniffs traffic via network TAP or the SPAN port of a network switch.
• Captured data and traffic is sent to the Qualys Platform for analysis and processing.
• Discovered assets not in your account are placed in the “Unmanaged” section of Qualys CSAM.
• Enable “Traffic Analysis” to reveal communication between assets, including conversations between managed and unmanaged assets.


Managed vs. Unmanaged Assets

• If discovered data is confirmed to match an asset already in your account, its information can be merged with the existing asset.
• Discovered assets not in your account are placed in the “Unmanaged” section of Qualys CSAM.


Network Traffic Analyzer

Conversations between assets can offer new discoveries and insights.

Screenshot: Network Traffic Analyzer for the last 24 hours, showing traffic family and traffic volume, with clients grouped by asset type (internal or external, managed or unmanaged), device category and operating system.


Network Passive Sensor User Guides

Documentation: qualys.com/documentation (Sensors, Network Passive Sensor)

• Getting Started Guide
• Physical Appliance User Guide
• Virtual Appliance User Guide
• Deployment Guide
• Release Notes

Passive Sensors can be deployed as physical or virtual appliances.
CMDB Sync

Certified ServiceNow CMDB Sync App

• Supports 2-way sync (Qualys to ServiceNow and ServiceNow to Qualys)
• Up-to-date, categorized, normalized, and enriched ServiceNow CMDB
• Enrich Qualys assets with key CMDB business data
• Synchronization schedules can be configured and saved.
• Asset metadata is only synchronized for assets that already exist in both Qualys and ServiceNow.
• Optionally, asset information is staged for user approval before being written to CMDB.
Import Business Attributes from ServiceNow CMDB

• Automatically import business application and business context attributes from ServiceNow CMDB
• Identify other assets associated with a business application

Screenshot: asset details page showing Business Information (department IT Operations; managed by Byron Fortuna; supported by John Doe) and Business Application Details for “Banking Service” (Business Criticality: 1 - Most Critical), with a list of the assets associated with that business application.


Lab 4: CMDB Sync and Business Context

Please consult pages 19 to 20 in the lab tutorial supplement for details.

Tutorial begins on page 19. 5 mins
Use Business Attributes to Search for Assets

businessApp:(businessCriticality
businessApp:(environment
businessApp:(id
businessApp:(name
businessApp:(managedBy
businessApp:(ownedBy
businessApp:(supportGroup
businessApp:(supportedBy

• Use any of the “businessApp” search tokens to single out assets, based on the business information and characteristics provided by ServiceNow.
• Queries using these tokens will impact assets already synchronized.
Integration with ServiceNow CMDB

To implement ServiceNow CMDB Integration, a Qualys subscription with API access is required, along with the following application modules:

• CSAM
• Vulnerability Management

1. Qualys CMDB Sync App
   • Install the Qualys CMDB Sync App (available in ServiceNow Online Store)

2. Qualys CMDB Sync Service Graph Connector App
   • Install the Qualys Service Graph Connector App (available in ServiceNow Online Store)
   • ITOM Visibility license in ServiceNow
CMDB Sync App User Guides

Documentation: qualys.com/documentation (Cloud Apps, IT Asset Management, CMDB Sync)

• Qualys CMDB Sync Service Graph Connector App
• Qualys CMDB Sync App

Public APIs for CMDB Sync

• CSAM now supports import of Asset business metadata and Business app metadata from your CMDB into your Qualys asset inventory (using v2 APIs).
• Imported business attributes are listed in the Asset Details page.
• User must have access to the CSAM module with API enabled for that role.
• Currently supports a maximum of 250 records for import in one API call for both Asset and Business app metadata.


API User Guide

Documentation: qualys.com/documentation (API User Guides)

• Use API v2 to import asset business metadata and business app metadata from your CMDB.

API User Guides listed:

• Asset Mgmt and Tagging v2 API
• Certificate View API
• Cloud Agent (CA) API
• CloudView API
• Container Security API
• Continuous Monitoring (CM) API
• Endpoint Detection and Response (EDR) API
• File Integrity Monitoring (FIM) API v1
• File Integrity Monitoring (FIM) API v2
• Global AssetView/CyberSecurity Asset Management API v1
• Global AssetView/CyberSecurity Asset Management API v2
• Malware Detection (MD) API
• Out-of-band Configuration Assessment (OCA) API v1
• Out-of-band Configuration Assessment (OCA) API v2


Detect and Monitor Security Gaps

• Asset Prioritization (Define Asset Criticality Score)
• Product Lifecycle Management* (EOL/EOS/Obsolete hardware and software automatically identified through enrichment in QCP)
• Software Authorization* (configure rules to identify authorized/unauthorized software)


Asset Criticality Score

This score represents the criticality of the asset to your business infrastructure. Here, score 1 being the lowest criticality and 5 being the highest criticality assigned to an asset, when selected.

• User defined scores
• Configured and implemented through Asset Tags
• Scale of 1 to 5:
  • 5 = most critical
  • 1 = least critical

Asset Criticality Score (asset details screenshot)

The highest score assigned to the asset via multiple tags is the asset criticality score of the asset. Below are various scores assigned to the asset through multiple tags (calculated as of Aug 30 2021): Data Center, Corp Website, Webserver.

• An asset is scored by its tag with the highest criticality.
• Assets without scored tags will receive a default score of two (2), applied if corresponding Asset Tags are not assigned.
Product Lifecycle Management

Product Lifecycle Information

• Identify EOL/EOS software and hardware
• Secure your environment by eliminating unsupported software and hardware
• Plan hardware refresh and software upgrades

Product Lifecycle (dashboard widget): Track software and hardware lifecycle related issues.
Hardware Lifecycle Stage

Search Token: hardware.lifecycle.stage:value

• General Availability (GA) - Hardware is in production, available for purchase, and supported
• End of Sale (EOS) - No longer being sold or by vendor
• Obsolete (OBS) - End-of-Service; no longer serviced via upgrades, patches, or maintenance

Example (screenshot): Hardware
Category: Networking Device / Switch
Model: Cisco Systems Catalyst 3850 Series 3850-24P
Lifecycle Information: Generally Available (Nov 25 2012); End-of-Sale: Not Announced; End-of-Service: Not Announced
Hardware Lifecycle Search Tokens

Attribute                   Examples                      Search Token
Lifecycle stage             "INTRO", "GA", "EOS", "OBS"   hardware.lifecycle.stage
Introduction date           Feb-2015                      hardware.lifecycle.intro
General Availability date   Apr-21-2014                   hardware.lifecycle.ga
End-of-Sale date            May-2016                      hardware.lifecycle.eos
Obsolete date               Jun-2018                      hardware.lifecycle.obs

• The ‘lifecycle.stage’ token is useful when searching for the present stage of an asset.
• Use the other ‘lifecycle’ tokens to search for future EOS and OBS dates.
OS & Software Lifecycle Stages

Search Tokens:
operatingSystem.lifecycle.stage:value
software:(lifecycle.stage:value)

• Generally Available (GA) - When the product became available for purchase.
• End-of-Life (EOL) - No longer marketing, selling, building new features, or promoting product (Security patches may still be provided).
• End-of-Service (EOS) - No longer serviced via upgrades, patches, or maintenance.

Example (screenshot): Operating System
Name: Cisco Systems Cisco IOS XE Fuji (16.9.4)
Lifecycle Information: Generally Available (Not Announced); End-of-Life: Not Announced; End-of-Service: Not Announced
OS Lifecycle Search Tokens

Attribute                   Examples                            Search Token
Lifecycle state             "GA", "EOL", "EOS"                  operatingSystem.lifecycle.stage
Support Stage               "Premier", "Extended", "Obsolete"
General Availability date   Feb-15-2008                         operatingSystem.lifecycle.ga
End-of-Life date            Nov-23-2013                         operatingSystem.lifecycle.eol
End-of-Support date         Jun-18-2015                         operatingSystem.lifecycle.eos

• The ‘lifecycle.stage’ token is useful when searching for the present stage of an asset.
• Use the other ‘lifecycle’ tokens to search for future EOL and EOS dates.
Software Lifecycle Search Tokens

Attribute                   Examples                      Search Token
Lifecycle stage             "Beta", "GA", "EOL", "EOS"    software:(lifecycle.stage:
General Availability date   Apr-21-2014                   software:(lifecycle.ga:
End-of-Life date            May-2016                      software:(lifecycle.eol:
End-of-Support date         Jun-2018                      software:(lifecycle.eos:

• The ‘lifecycle.stage’ token is useful when searching for the present stage of an asset.
• Use the other ‘lifecycle’ tokens to search for future EOL and EOS dates.


Lab 5: Product Lifecycle Management

Please consult pages 23 to 24 in the lab tutorial supplement for details.

Tutorial begins on page 23. 5 mins
Authorized & Unauthorized Software

CIS Control 2: Inventory and Control of Software Assets

Overview

Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.

7 Safeguards | IG1 3/7 | IG2 6/7 | IG3 7/7


https://www.cisecurity.org/controls/inventory-and-control-of-software-assets/ 
Software Rule Types

Select Software: select the software to be included in the rule.

• Add Authorized Software: Select applications, releases, publishers or categories that are explicitly authorized in this environment.
• Add Unauthorized Software: Select applications, releases, publishers or categories that are explicitly unauthorized in this environment.
• Needs Review: Select applications, releases, publishers or categories that need to be reviewed before marking as Authorized or Unauthorized.

Create rules for authorized/unauthorized software and software that needs to be reviewed.


Lab 6: Software Authorization

Please consult pages 25 - 27 in the lab tutorial supplement for details.

Tutorial begins on page 25. 5 mins


Create Software Rules

View, create and modify rules from the RULES section or the “Software” tab under the INVENTORY section.

Screenshot: the Software Rules list (EOS Linux Agents, EOS Windows Agents, Unauthorized Software) with the Reorder and Create Rule buttons, beside the Software inventory tab, where Quick Actions offers “View Authorization Rule” and “Add To Authorization Rule”. Software listed includes Google Chrome 93.0.4577.82 Stable Channel (Network Application / Internet Browser), Microsoft Internet Information ... 10.0 (Network Application / Web Servers) and Qualys Cloud Agent 4.6.0.56 (Security / Endpoint Management and Security).


Rule Precedence

Software Rules

ORDER NUMBER   RULE
1              EOS Linux Agents: Review all Linux agents less than version 2.6.
2              EOS Windows Agents: Review Windows agent versions less than 3.0.
3              Unauthorized Software: Flag Wireshark as unauthorized and Qualys Cloud Ag...

• Rules at the top of the list have precedence over the rules below.
• Click the “Reorder” button to move rules higher or lower.
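
The precedence rule above, modelled as an added Python example (not Qualys code and not part of the course material). It assumes "precedence" means rules are checked top to bottom and the first match decides; the "Authorize Cloud Agents" rule, the `os_family` field, the "Needs Review" status given to the two EOS rules and the sample inventory are constructed for illustration.

```python
"""Ordered software-authorization rules: the first matching rule decides."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


def version_tuple(text: str) -> Tuple[int, ...]:
    # "4.6.0.56" -> (4, 6, 0, 56), so 2.10 sorts above 2.6 (a string compare would not)
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Software:
    name: str
    version: str
    os_family: str  # constructed field: "Linux" or "Windows"


@dataclass(frozen=True)
class Rule:
    title: str
    status: str  # "Authorized", "Unauthorized" or "Needs Review"
    matches: Callable[[Software], bool]


def old_agent(os_family: str, below: str) -> Callable[[Software], bool]:
    """Matcher for Cloud Agent installs on one OS family older than `below`."""
    limit = version_tuple(below)

    def check(sw: Software) -> bool:
        return (sw.name == "Qualys Cloud Agent"
                and sw.os_family == os_family
                and version_tuple(sw.version) < limit)

    return check


# The three rules named on the slide, in slide order.
EOS_LINUX = Rule("EOS Linux Agents", "Needs Review", old_agent("Linux", "2.6"))
EOS_WINDOWS = Rule("EOS Windows Agents", "Needs Review", old_agent("Windows", "3.0"))
NO_WIRESHARK = Rule("Unauthorized Software", "Unauthorized",
                    lambda sw: sw.name == "Wireshark")
# Constructed broad rule (not on the slide) used to show shadowing.
ALLOW_AGENTS = Rule("Authorize Cloud Agents", "Authorized",
                    lambda sw: sw.name == "Qualys Cloud Agent")


def evaluate(rules: List[Rule], sw: Software) -> Tuple[Optional[str], Optional[str]]:
    """Return (status, deciding rule title); (None, None) when no rule matches."""
    for rule in rules:
        if rule.matches(sw):
            return rule.status, rule.title
    return None, None


def shadowed(rules: List[Rule], inventory: List[Software]) -> List[str]:
    """Rules that match at least one item but never get to decide one."""
    hidden = []
    for rule in rules:
        hits = [sw for sw in inventory if rule.matches(sw)]
        if hits and all(evaluate(rules, sw)[1] != rule.title for sw in hits):
            hidden.append(rule.title)
    return hidden


INVENTORY = [  # constructed sample inventory
    Software("Qualys Cloud Agent", "2.4.0.91", "Linux"),
    Software("Qualys Cloud Agent", "4.6.0.56", "Windows"),
    Software("Qualys Cloud Agent", "2.10.1.5", "Linux"),
    Software("Wireshark", "3.4.8", "Windows"),
    Software("Google Chrome", "93.0.4577.82", "Windows"),
]

NARROW_FIRST = [EOS_LINUX, EOS_WINDOWS, NO_WIRESHARK, ALLOW_AGENTS]
BROAD_FIRST = [ALLOW_AGENTS, EOS_LINUX, EOS_WINDOWS, NO_WIRESHARK]

if __name__ == "__main__":
    for label, rules in (("narrow first", NARROW_FIRST), ("broad first", BROAD_FIRST)):
        print(label)
        for sw in INVENTORY:
            print("  ", sw.name, sw.version, "->", evaluate(rules, sw))
        print("   shadowed rules:", shadowed(rules, INVENTORY))
```

With the broad rule on top, the outdated Linux agent is reported as Authorized and the review rule never fires, which is the ordering mistake the Reorder button exists to correct.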




Software Authorization Tokens

• AUTHORIZED
  software:(authorization: 'Authorized')
• UNAUTHORIZED
  software:(authorization: 'Unauthorized')
• NEEDS REVIEW
  software:(authorization: 'Needs Review')

After creating software authorization rules, software authorization tokens can be used to search and query.


Report & Respond

• Visualize Data (use dashboards to identify at risk assets)
• Reports (configure reports for IT and compliance requirements)*
• Configure Rule-Based Alerts (define criteria for alert notifications)*


Reports

Asset, Software and Compliance Reports

Custom Reports (.csv file format):

• Asset Details (host information)
• Software Details (host and software information)
• FedRAMP Compliance (host and software information as required by FedRAMP)

Screenshot: the CSAM REPORTS tab with 2 total reports, “FedRAMP report” (FedRAMP Template) and “Asset report” (Asset Details), created by trann3fq27 on 3 September, 2021 (04:28 PM and 04:26 PM). The Create Report menu offers Asset Details, Software Details and Compliance Report, next to Create Interactive Report.


Lab 7: Asset, Software, and Compliance Reports

Please consult pages 28 to 30 in the lab tutorial supplement for details.

Tutorial begins on page 28. 10 mins


Display Options

Report Display: select the columns you want to show in your report. Selected attributes will be column headers in the report.

Asset Report (Host Information), columns shown include: Asset ID, Asset Host ID, Asset Name, Asset Type, MAC Address, IP Address, Asset Time Zone, NetBIOS Name, DNS Hostname, Asset Agent Id, Asset Created Date, Asset Last Updated Date, Last VM Scan Date, Sources, Last Logged On User, Bios Serial Number, Bios Asset Tag, Is Container, OS Category 1, OS Edition, OS GA Date, OS EOL Date.

Software Report (Software Information and Host Information), columns shown include: Software Name, Software Type, Software Product, Software Version, Description, Software Update, Software Publisher, Software Authorization Status, Software Product Family, Software Category 1, Software Category 2, Software Component, Software Edition, Software Market Version, Software Architecture, Software Package Name, Software Support Stage, Software Lifecycle GA Date, Software Lifecycle EOL Date, Software Lifecycle EOS Date, Software Lifecycle Stage, Software Lifecycle Confidence; plus host columns such as Asset ID, Asset Host ID, Asset Name, Asset Type, Sources, Last Logged On User, Bios Serial Number, Bios Asset Tag and Hardware Product.

FedRAMP Compliance Report, columns shown include:

• Unique Asset Identifier: Qualys Unique identifier, IPv4 or IPv6 Address, Virtual, Public, DNS Name or URL, NetBIOS Name, MAC Address, Authenticated Scan, Baseline Configuration, Location, Asset Type, Hardware Make/Model, In Latest Scan, Bios Asset Tag, Bios Serial Number, VLAN/Network ID, System Administrator/Owner, Application Administrator/Owner
• Software Information: Software/Database Vendor, Software/Database Name & Version, Patch Level, Function, Comments, Software Lifecycle GA Date, Software Lifecycle EOL Date, Software Lifecycle EOS Date, Software Lifecycle Stage, Software Lifecycle Confidence, Software Lifecycle EOL Support Stage, Software Lifecycle EOS Support Stage
• OS and hardware lifecycle: OS Lifecycle EOS Date, OS Lifecycle Stage, OS Lifecycle Confidence, OS Lifecycle EOL Support Stage, OS Lifecycle EOS Support Stage, HW Lifecycle GA Date, HW Lifecycle Intro Date, HW Lifecycle EOS Date, HW Lifecycle Obsolete


Interactive Report

[Screenshot: Interactive Report filtered by asset tags, with summary counts (including assets with unauthorized software and assets with EOS/EOL OS) and panels for Business Context (asset criticality, department, asset support group), Asset Categories (hardware, OS) and Security Gaps (Unauthorized Software, EOS/EOL Software, OBS/EOS Hardware, EOS/EOL OS).]

• Includes an interactive workflow to identify and list issues and security gaps (obsolete hardware, EOL/EOS software, unauthorized software, etc.).


Lab 8: Interactive Reports

Please consult pages 31 to 33 in the lab tutorial supplement for details.

Tutorial begins on page 31. 10 mins.


Rule-Based Alerts

Alert Actions

• Receive alert notifications via Email, Slack, and PagerDuty.
• Alert Rules are evaluated when host inventory is updated.
• One or more actions must be defined prior to creating Alert Rules.

Configure rule-based alerts.


Lab 9: Rule-Based Alerts

Please consult pages 34 to 37 in the lab tutorial supplement for details.

Tutorial begins on page 34. 10 mins.


Rule Query

• The Rule Query specifies the criteria for triggering an alert action.

Rule Query: Provide a query to match particular source that will trigger the alert

    software:(authorization:`Unauthorized` and firstFound:[now-1d ... now])

• Sample queries are provided to get you started.
• Immediately notify your operational teams when critical or suspicious events are monitored:
  - Unauthorized software discovered
  - Assets reaching EOS dates
  - Insufficient storage space on host
  - Malicious software discovered
  - and more...


Insert Tokens

Insert tokens into the message body to include useful asset information and details in the alert:
• Asset Criticality Score
• Last Logged On User
• AWS, Azure, and GCP metadata
• Hardware and OS categories
• and more...

[Screenshot: Action Settings for the action "Email action to alert for unauthorized software", with Recipient, Subject ("Unauthorized software alert") and Message fields. The message reads "We found the following Unauthorized software:" followed by ${operatingSystem}, ${asset.criticalityScore} and ${provider}. The token picker lists ${asset.assetID}, ${asset.created}, ${asset.criticalityScore}, ${asset.lastLocation}, ${asset.lastLoggedOnUser}, ${asset.lastUpdated}, ${asset.name}, ${asset.netbiosName}, ${asset.trackingMethod}, ${aws.ec2.accountId} and ${aws.ec2.availabilityZone}. Counter: 151/5000 characters remaining.]
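How token expansion in an alert body can be modelled, as an added example (not Qualys code). The `${...}` token names and the 5000-character limit come from the slide; the record layout, the helper names, and the choices to keep unresolved tokens visible and to flatten line breaks in inventory values are assumptions made for illustration.

```python
import re

MAX_BODY_CHARS = 5000                      # body limit shown in the Action Settings dialog
TOKEN_RE = re.compile(r"\$\{([A-Za-z0-9_.]+)\}")

# Constructed inventory record for one matching asset (all values invented).
SAMPLE_RECORD = {
    "operatingSystem": "Windows Server 2016",
    "provider": "AWS",
    "asset": {
        "name": "host-01",
        "criticalityScore": 4,
        "lastLoggedOnUser": "CORP\\jdoe",
    },
    "aws": {"ec2": {"accountId": "000000000000", "availabilityZone": "us-east-1a"}},
}


def lookup(record, dotted_name):
    """Resolve a dotted token name such as 'aws.ec2.accountId'; None if absent."""
    node = record
    for part in dotted_name.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    # A token must name a leaf value, not a whole sub-record.
    return None if isinstance(node, dict) else node


def chars_remaining(template):
    """Characters left in the message body, as in '151/5000 characters remaining'."""
    return MAX_BODY_CHARS - len(template)


def render_alert(template, record):
    """Expand ${...} tokens and return (body, unresolved_token_names)."""
    if chars_remaining(template) < 0:
        raise ValueError("message body exceeds %d characters" % MAX_BODY_CHARS)
    unresolved = []

    def expand(match):
        value = lookup(record, match.group(1))
        if value is None:
            unresolved.append(match.group(1))
            return match.group(0)          # keep the token visible instead of dropping it
        # Inventory values originate on the endpoint: flatten line breaks so a
        # host name or user name cannot add extra lines to the notification.
        return re.sub(r"[\r\n]+", " ", str(value))

    return TOKEN_RE.sub(expand, template), unresolved


if __name__ == "__main__":
    body, missing = render_alert(
        "We found the following Unauthorized software on ${asset.name}:\n"
        "${operatingSystem} / ${asset.criticalityScore} / ${provider}",
        SAMPLE_RECORD,
    )
    print(body)
    print("unresolved:", missing)
```

Reviewing the unresolved list before saving an action catches misspelled tokens that would otherwise reach recipients as literal `${...}` text.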


Alert Activity

[Screenshot: CyberSecurity Asset Management, Responses > Activity, listing 56 total activities (1-50 of 56). Each entry shows the rule name (for example "Unauthorized Software Discovered: Unauthorized software discovered on host." or "Insufficient Storage Space on Host: Host has less than 1 GB free disk space."), the status (Success), the action (CSAM Email Alert), the number of matches and the creator.]

• Monitor alert activity under the “Activity” tab.


Vulnerability Management

VM Sensors

[Diagram: VM sensors and the Qualys Cloud Platform.]


Vulnerability Findings

• Industry-leading vulnerability KnowledgeBase with tens of thousands of vulnerability signatures.
• Each vulnerability is ranked and associated with:
  - Qualys Severity Level
  - CVSS Score
  - CVE & Bugtraq IDs
  - Available Patches
  - Known Threats
  - Associated Malware
  - and more...
• An unlimited number of ways to identify, prioritize, and patch vulnerabilities.

[Figure: Qualys severity levels: Minimal, Medium, Serious, Critical, Urgent.]


Lab 10: Vulnerability Findings

Please consult pages 38 to 40 in the lab tutorial supplement for details.

Tutorial begins on page 39. 5 mins.


Vulnerability Findings In CSAM

[Screenshot: Asset Details for ws2016dfw242, Vulnerabilities view, filtered with the query

    vulnerabilities.severity:[5] and vulnerabilities.typeDetected:[Confirmed]

showing 9 vulnerabilities. The actions menu for "Microsoft Windows Security Update for December 2019" offers Add to New Job, Add to Existing Job and View Missing Patches.]

Build Patch Jobs from Global IT Asset Inventory.

• View and patch vulnerability findings from within CyberSecurity Asset Management (on a per asset basis).


Vulnerability Findings in VMDR

Which ones are patchable?

1. Detected vulnerabilities must be associated with one or more patches found in the Qualys Patch Catalog.
2. Host must be running the Qualys Cloud Agent.
3. Cloud Agent must have the PM module activated.

[Screenshot: VMDR Vulnerabilities tab with the asset query

    tags.name:`Cloud Agent` and activatedForModules:PM

returning 66 total detections, including 372508 "Oracle Java SE Critical Patch Update - April 2020" and 374827 "Mozilla Firefox Multiple Vulnerabilities (MFSA2021-01)".]


Dashboards & Widgets

Out-of-Box Dashboard Templates

[Screenshot: Dashboard Templates library ("Add or Customize Dashboard templates") with template search, "Build from Scratch", and the categories CSAM (4), Policy Compliance (1), Unified Dashboard (35), VMDR (16), Web Application Firewall (1), File Integrity Monitoring (6) and EDR (5). The templates shown, all created by Qualys, are Ransomware Attack Vectors, Policy Compliance, RansomWare (RW) Exposure, Patch Efficiency for vulnerabilities of Severity 3-5, and Baron Samedit (heap overflow vulnerability in sudo).]


Widget Types

[Figure: widget type icons, including Count, Table and Column.]

Dashboard widgets can be designed to display query results as counts, tables, columns, or pie charts.


Lab 11: Dashboards & Widgets

Please consult pages 41 to 44 in the lab tutorial supplement for details.

Tutorial begins on page 41. 5 mins.


Count Widget

• The “Count Widget” can be configured to automatically change color when specific conditions or thresholds are met.

[Screenshot: editing the count widget "Percentage of High Severity Vulnerabilities". Query 1 (Vulnerability): vulnerabilities.severity:[3,4,5]. "Compare with another reference query" is enabled with Query 2 (Vulnerability): vulnerabilities.severity:[1,2,3,4,5], comparison label "All Vulnerabilities (i.e., all severities)", marked as a superset (contains all the assets from initial query). Widget Rules: "Set rules and associated widget color. The widget color will change based on the condition satisfied for configured rules." The rule shown: when the value of the comparison percentage is greater than 50%, highlight in a chosen color.]


Enable Trending in Widgets

• Visualize changes or swings in momentum or progress.
• When enabled, widgets can store trend data for up to 90 days.
• Trend lines plotted on a graph are added to the widget.

[Screenshot: Edit Widget (VM) with Query 1 (Vulnerability): vulnerabilities.status:REOPENED, compared with reference Query 2 (Vulnerability): vulnerabilities.status:[NEW,ACTIVE,REOPENED]. Under Additional Options, "Enable Trending" is selected: "This widget will store its results each day for up to 90 days. The results will be plotted on a graph so that the data may be analyzed to identify trends."]


Dashboard Tags

• Add one or more Asset Tags through the Dashboard Editor.
• The “Default Dashboard Access Tag” is created by
• Share dashboards with other Qualys users by assigning “dashboard” tag(s) to their accounts.

[Screenshot: Edit Dashboard, and the User Edit dialog (Edit role(s) and scope), where assigned roles are listed and tags such as "Default Dashboard Access Tag" are added under Edit Scope ("Define what assets the user can access by tags").]


Threat Detection & Prioritization

VMDR Threat Feed

[Screenshot: VMDR Prioritization > Threat Feed, searched with contents:RDP. High-rated feed entries include "Microsoft Windows security update for October 2021..." and "Apple releases emergency update to address the arbitrar..."; a low-rated entry is "Backdoor Account in Zyxel Products (CVE-2020-29583)". Each entry shows an impacted-assets count: click to view impacted assets within your subscription.]

Search for threats by content, category or publish date and click to view impacted assets.


Threat Feed Sources

Exploit Sources

Source Type | Data Type
Core Security | PoC Exploits mapped to CVEs
Exploit-DB | PoC Exploits mapped to CVEs
Metasploit | PoC Exploits mapped to CVEs
Contagio Dump | Exploit Kits mapped to CVEs
Immunity (Agora, Dsquare, Enable Security, White Phosphorus) | PoC Exploits mapped to CVEs
Google Project Zero | Zero-Days mapped to CVEs

Malware Sources

Source Type | Data Type
Reversing Labs | CVEs associated with malware
Trend Micro | Malware names associated with CVEs
McAfee | Ransomware mapped to CVEs

• The Qualys Threat and Malware research team leverages exploit and malware data from multiple sources.


VMDR Prioritization Report

Welcome to VMDR Prioritization: "Prioritize your remediation activities by adding threat intelligence and asset context to your vulnerabilities"

Prioritize vulnerabilities by:
• Asset Context
• Vulnerability Age
• Threat Intelligence
• Attack Surface


Lab 12: VMDR Prioritization Report

Please consult pages 46 to 51 in the lab tutorial supplement for details.

Tutorial begins on page 46. 5 min.


Asset Tags Add Context

[Screenshot: example asset tags: Database Server, SJC, Internet Facing, EOL/EOS, Cloud Agent, VMDR Lab, Web Server, Security Tools, Malware Domain..., File Transfer, Business Units, Compiler.]

• Design and build Asset Tags that help to distinguish the “context” of your assets.
• Leverage tags that use the “Asset Inventory” rule engine, along with 1) hardware, 2) software, and 3) OS categories.


Priority Options

[Screenshot: prioritization options: Age (Detection or Vulnerability), Real-Time Threat Indicators (RTI) grouped into Potential Impact and Active Threats, and Attack Surface (Running Kernel, Running Service, Not Mitigated by Configuration, Remotely Discoverable Only, Internet Facing Only).]

Prioritize discovered vulnerabilities by Age, RTIs, and Attack Surface.

• Detection Age - reflects the number of days since you first detected the vulnerability (e.g., by Qualys scanner or Cloud Agent).
• Vulnerability Age - (i.e., real age) reflects the number of days since Qualys published the vulnerability to our KnowledgeBase.


Real-Time Threat Indicators (RTI)

[Screenshot: RTI selector with "Match Any" and "Match All" options.
Potential Impact: High Data Loss (1.75K), High Lateral Movement (1.69K), Wormable (24), Denial Of Service (1.81K), Patch Not Available (235), Privilege Escalation (518), Unauthenticated Exploitation (41), Remote Code Execution (1.57K).
Active Threats: Active Attacks (798), Malware (738), Zero Day (91), Exploit Kit (112), Public Exploit (1.04K), Predicted High Risk (1.16K), Easy Exploit (1.64K), Ransomware (34), Solorigate Sunburst (9).]

• Provided by VMDR Threat Feed.


Attack Surface

Attack Surface options:
• Running Kernel
• Running Service
• Not Mitigated by Configuration
• Remotely Discoverable Only
• Internet Facing Only

Continue to define asset context with “Attack Surface” options.


Deploy Priority Patches

[Screenshot: VMDR Prioritization results after "Prioritize Now", with "Export to Dashboard" and "Save & Download" buttons and summary panels for Prioritized Assets, Prioritized Vulnerabilities and Available Patches. The result list (1-50 of 446, grouped by vulnerability) shows CVE, title, QID and total hosts, for example CVE-2020-17087 "Microsoft Windows Kernel Privilege Escalation Vulnerability" (91690).]

• Toggle between Vulnerabilities, Patches, or Assets.
• Turn on the “Show Only Patchable” switch to display patchable vulnerabilities only.

Patchable assets have Cloud Agent installed and Patch Management activated.
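The two age definitions, the RTI “Match Any” / “Match All” switch and the three patchability conditions from the “Which ones are patchable?” slide, combined in one added sketch (not Qualys code). The `Detection` record, the minimum-age threshold, the function names and the sample detections are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class Detection:
    qid: int
    host: str
    first_detected: date            # first seen on this host by a scanner or Cloud Agent
    kb_published: date              # published to the KnowledgeBase
    rtis: frozenset = frozenset()   # RTI labels attached by the threat feed
    patch_in_catalog: bool = False  # condition 1: a patch exists in the Patch Catalog
    host_has_agent: bool = False    # condition 2: host runs the Cloud Agent
    pm_activated: bool = False      # condition 3: PM module activated on the agent


def detection_age(d, today):
    """Days since the vulnerability was first detected on this host."""
    return (today - d.first_detected).days


def vulnerability_age(d, today):
    """'Real age': days since the vulnerability was published."""
    return (today - d.kb_published).days


def is_patchable(d):
    """All three conditions from the slide must hold."""
    return d.patch_in_catalog and d.host_has_agent and d.pm_activated


def rti_match(d, selected, mode="any"):
    """Match Any: at least one selected RTI present. Match All: every one present."""
    selected = set(selected)
    if not selected:
        return True
    if mode == "any":
        return bool(selected & d.rtis)
    if mode == "all":
        return selected <= d.rtis
    raise ValueError("mode must be 'any' or 'all'")


def prioritize(detections, today, age_kind="detection", min_age_days=0,
               rtis=(), rti_mode="any", only_patchable=False):
    """Return matching detections, oldest first by the chosen age."""
    if age_kind not in ("detection", "vulnerability"):
        raise ValueError("age_kind must be 'detection' or 'vulnerability'")
    age = detection_age if age_kind == "detection" else vulnerability_age
    picked = [d for d in detections
              if age(d, today) >= min_age_days
              and rti_match(d, rtis, rti_mode)
              and (is_patchable(d) or not only_patchable)]
    return sorted(picked, key=lambda d: age(d, today), reverse=True)


# Constructed sample data: QIDs, hosts and dates are invented.
TODAY = date(2021, 10, 21)
SAMPLE = [
    Detection(900001, "web-01", date(2021, 10, 1), date(2021, 1, 21),
              frozenset({"Active Attacks", "Public Exploit"}), True, True, True),
    Detection(900002, "db-01", date(2021, 7, 13), date(2021, 7, 1),
              frozenset({"Ransomware", "Active Attacks"}), True, True, False),
    Detection(900003, "app-01", date(2021, 10, 20), date(2021, 10, 12),
              frozenset({"Denial Of Service"}), True, True, True),
]

if __name__ == "__main__":
    for d in prioritize(SAMPLE, TODAY, rtis={"Active Attacks", "Ransomware"}):
        print(d.qid, d.host, detection_age(d, TODAY), "patchable" if is_patchable(d) else "not patchable")
```

In the sample, the ransomware-tagged detection on `db-01` is the oldest match yet drops out once only patchable results are shown, because PM is not activated on that agent.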


Windows & Linux Patches

1. Available patches provided for Windows hosts.
2. Available patches provided for Linux hosts.


Zero-Touch Patch Job

[Screenshot: Available Patches panel with the "Zero-Touch Patch Job" option, Windows Patches (82) with "View Missing Windows Patches", and Linux Patches (15) with "View Missing Linux Patches".]

• Select the “Zero-Touch Patch Job” option from the VMDR Prioritization Report.
• Patches are not selected individually, but instead are targeted using a query.
• Schedule patch jobs to recur daily, weekly, or monthly.
• Specific patching use-cases are ideal for “Zero-Touch” patching.


Lab 13: Zero-Touch Patch Job

Please consult page 50 in the lab tutorial supplement for details.

Tutorial begins on page 50. 5 min.


Automated Patch Selection

[Screenshot: Create: Windows Deployment Job, step 4/9 (Select Patches): "Choose the patches you want to install for the selected assets or create a query to automate the job." Two modes are offered. Manual Patch Selection: "Select manually from the available list of patches." Automated Patch Selection: "Define QQL to automatically identify patches to remediate current and future vulnerabilities every time the job runs." The Vulnerability query field holds a query beginning

    (vulnerabilities.vulnerability:(threatIntel.malware:True or threatIntel.activeAttacks: ...

Note: For optimum performance, only missing and non-superseded patches that match the QQL criteria will be added to the job.]

• The query is generated from the options (Age, RTIs, and Attack Surface) selected in the Prioritization Report.
• Patches that meet the query condition are added to the deployment job, automatically.


Export to Dashboard

• Export and monitor the “Prioritization Report” as a Dashboard Widget.

[Screenshot: VMDR dashboard with widgets including Patches by Status, Wormable Vulnerabilities, the exported prioritization widget (Prioritized Assets, Prioritized Vulnerabilities, Available Patches), Assets Missing Patches by Platform and Missing Patches by Vendors.]

Results will be continuously updated within the Dashboard Widget.


Patch Management

Patch Management Overview

• Automatically correlates discovered vulnerabilities with their required patches.
• Leverage existing Qualys Cloud Agents to deploy and uninstall patches.
• Provides OS and Application patches, including patches from third-party software vendors (e.g., Adobe, Java, Google, Mozilla, Microsoft, etc.).


Patch Management Overview (cont.)

• Available for Windows, CentOS 6/7, and RHEL 6/7/8.
• Provides patching just about anywhere an Internet connection is available (e.g., airports, coffee shops, remote offices, etc.).
• Qualys Agents determine which patches are missing or required and can identify superseded patches.
• Build patch jobs that target specific vulnerabilities, severity levels, and known threats.


Patch Sources

OS and Application Patches come from:
• Vendor Global CDNs (e.g., Oracle, Adobe, Microsoft, Apache, Google, etc.)
• YUM repositories (Linux)
• Local repository (i.e., Qualys Gateway Server)
  - Patch downloads requested by one agent are cached on QGS and made available “locally” for other agents that need the same patch.
  - QGS also provides a cache for manifests and agent binaries.

Qualys PM Workflow

1. Install Cloud Agent on target host.
2. Assign target agent host to a CA Configuration Profile that has PM configuration enabled.
3. Activate PM module on target agent host.
4. Assign target agent host to an enabled Assessment Profile.
5. Allocate patching licenses.
6. Create Patch Jobs.


Configuration Profile

[Screenshot: Configuration Profile Edit, Patch Management section, with "Enable PM module for this profile" switched on. Configuration ("These settings define operational setting for the agent"): Cache size 2048 MB (512 - 10240), or Unlimited.]

• PM configuration is enabled by default for all new Configuration Profiles.
• Presently, PM has one agent configuration setting.
• Set “Cache size” to at least 2048 MB, to accommodate Windows Updates.


Activate PM Module for Target Host

• Select the PM module in the Agent Activation Key, before and after agent deployment.
• Use the “Quick Actions” menu to activate PM for any agent host or use the Qualys Cloud Agent API.

[Screenshot: Activation Key dialog ("Provision Key for these applications") listing CyberSecurity Asset Management, Patch Management, Vulnerability Management, Policy Compliance, Endpoint Detection and Response, File Integrity Monitoring and Secure Config Assessment with their remaining activations; and the Quick Actions menu for a RHEL 7.9 agent host (View Asset Details, Add Tags, Assign Config Profile, Activate Agent, Deactivate Agent, Uninstall Agent, Activate for FIM or EDR or PM or XDR, Deactivate Agent for FIM or EDR or PM or XDR).]


Assessment Profile

[Screenshot: Patch Management > Configuration, Assessment Schedule: "Define the interval at which you want the cloud agent to collect patch information from the assets associated with this profile. This is synchronized with agent behavior. Scan interval is applicable only for the licensed assets. The default scan interval for the unlicensed assets will be 24 hrs."]

• Specifies frequency of patch assessment scans.
• System Profile will be used by default.


License Consumption

[Screenshot: License Consumption for Patch Management (Type: FULL, Status: ACTIVE), Total Consumption 9 of 100. "Select asset tags to include or exclude for patch management. Total Consumption counter shows the number of licenses used based on the number of matching assets contained in the included asset tags." Include Assets Tags: Cloud Agent. Exclude Assets Tags: Dont Patch ("Exclude assets you do not want to patch").]

• Use Asset Tags to specify hosts for patching and to exclude others.
• Only agent host assets will consume a patch license.


Patch Deployment Job

Deployment Job Wizard

• Build patch jobs step-by-step.
• Select assets and patches.
• Configure scheduling option or run on-demand.
• Configure communication and reboot options.
• Assign access to a job.

[Screenshot: wizard steps (1/7): Basic Information, Select Assets, Select Patches, Schedule, Options, Job Access, Confirmation.]


Lab 14: Patch Deployment

Please consult pages 52 to 57 in the lab tutorial supplement for details.

Tutorial begins on page 52. 10 mins.


Select Assets

[Screenshot: Create: Windows Deployment Job, step 2/9 (Select Assets): "Select the assets you want this job to deploy patches on." Wizard steps: Basic Information, Select Assets, Select Pre-actions, Select Patches, Select Post-actions, Schedule, Options, Job Access, Confirmation. Two assets are selected (WIN12R2-97-149, WIN2012-205), and hosts are also included by asset tag ("Include hosts that have Any of the tags below": Cloud Environments), with "Add Exclusion Assets" and "Add Exclusion Asset Tags" links.]

• Add assets to patch job.
• Add asset tags to patch job.

Asset Tag Tips

[Screenshot: nested asset tag tree: an OS parent tag (7500 hosts) with the child tag "OS: Linux" (1500 hosts), and a Function parent tag with the children "Testing & Development" and "Production Operations".]

• Design Asset Tag hierarchies with nested structures.
• Selecting a “parent” tag as a patching target includes its “child” tags automatically.
• Use tags to distinguish between production and testing assets.

Pre and Post Actions

[Screenshot: Select Pre-Actions: "Select an action that you want to execute on assets before the job starts." The Action field offers Run Script and Install Software, with Script Name and Custom Script fields (20480/20480 characters remaining).]

• Configure action to execute before job starts.
• Run a PowerShell script or install software.


Select Patches

[Screenshot: Create: Windows Deployment Job, step 4/9 (Select Patches), with Manual Patch Selection chosen ("Select manually from the available list of patches"), the message "There are no patches selected" and the link "Take me to patch selector".]

• Use patch selector.
• Select patches using QQL query.

Manual Patch Selection

• View patches within scope of selected assets.
• Use queries to narrow selections.
• Use filters to narrow selections.

[Screenshot: Patch Selector with the query

    vendorSeverity:`Critical` and category:`Security Patches`

returning 209 total patches ("Within Scope", 1-50 of 209) with an "Add to Job" action. Columns: Patch Title, Published Date, Bulletin, KB, Category, QID, Vendor Severity, CVE. The filters on the left include Superseded, App Family (Windows, Firefox, Chrome, Internet Explorer, Java and more) and Vendor (Microsoft, Mozilla Foundation and more).]


Automated Patch Selection

[Screenshot: Create: Windows Deployment Job, step 4/9 (Select Patches), with Automated Patch Selection chosen and the patch query

    vendor:Microsoft and vendorSeverity:Critical

Note: For optimum performance, only missing and non-superseded patches that match the QQL criteria will be added to the job.]

• Select patches using QQL query.
• Use a query to select patches.
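The note on the slide, worked through as an added example (not Qualys code): a query selects patches, and only those that are missing on a targeted asset and not superseded end up in the job. The parser handles just `field:value` terms joined by `and`, a small subset chosen here; the catalog rows, asset names and the `superseded` field are constructed.

```python
import re

# One term: field:value, where value is a bare word or a `backticked phrase`.
TERM_RE = re.compile(r"\s*(\w+)\s*:\s*(?:`([^`]*)`|([^\s`]+))\s*")
AND_RE = re.compile(r"and\s+", re.IGNORECASE)
FIELDS = {"vendor", "vendorSeverity", "category"}   # fields this sketch understands

# Constructed patch catalog rows (ids and the 'superseded' field are invented).
CATALOG = [
    {"id": "P1", "vendor": "Microsoft", "vendorSeverity": "Critical",
     "category": "Security Patches", "superseded": False},
    {"id": "P2", "vendor": "Microsoft", "vendorSeverity": "Critical",
     "category": "Security Patches", "superseded": True},
    {"id": "P3", "vendor": "Microsoft", "vendorSeverity": "Important",
     "category": "Security Patches", "superseded": False},
    {"id": "P4", "vendor": "Adobe", "vendorSeverity": "Critical",
     "category": "Security Patches", "superseded": False},
    {"id": "P5", "vendor": "Microsoft", "vendorSeverity": "Critical",
     "category": "Security Patches", "superseded": False},
]

# Constructed agent results: asset name -> ids of patches reported missing.
MISSING = {"WIN-A": {"P1", "P2", "P4"}, "WIN-B": {"P2", "P3"}}


def parse_query(query):
    """Parse 'a:b and c:`d e`' into {'a': 'b', 'c': 'd e'}; reject anything else."""
    terms, pos = {}, 0
    while True:
        term = TERM_RE.match(query, pos)
        if not term:
            raise ValueError("expected field:value at offset %d" % pos)
        name = term.group(1)
        if name not in FIELDS:
            raise ValueError("unsupported field: %s" % name)
        terms[name] = term.group(2) if term.group(2) is not None else term.group(3)
        pos = term.end()
        if pos == len(query):
            return terms
        joiner = AND_RE.match(query, pos)
        if not joiner:
            raise ValueError("expected 'and' at offset %d" % pos)
        pos = joiner.end()


def select_patches(query, target_assets, catalog=CATALOG, missing=MISSING):
    """Ids of patches that match the query, are missing on a target, and are not superseded."""
    terms = parse_query(query)
    needed = set()
    for asset in target_assets:
        needed |= missing.get(asset, set())
    chosen = []
    for patch in catalog:
        if any(str(patch[f]).lower() != v.lower() for f, v in terms.items()):
            continue                      # does not match the query criteria
        if patch["id"] not in needed:
            continue                      # no targeted asset is missing it
        if patch["superseded"]:
            continue                      # a newer patch replaces it
        chosen.append(patch["id"])
    return chosen


if __name__ == "__main__":
    print(select_patches("vendor:Microsoft and vendorSeverity:Critical", ["WIN-A", "WIN-B"]))
```

Because the selection is recomputed from the query, rerunning it after the agents report new missing patches changes the job contents without editing the job, which is the behaviour the slide describes for recurring jobs.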


“Within Scope” Patch

[Screenshot: "Within Scope" / "All" toggle.]

“Within Scope” only includes patches needed by your targeted host assets.

Schedule Deployment

[Screenshot: Schedule Deployment step: "Schedule the deployment job to run on demand or in the future." With Schedule selected ("Schedule the deployment job to run at a set time"), the job has a start date and start time; by default the system will use the agent timezone. Patch Window: "You can configure a patch window to run the deployment job only within a particular time frame." Options: None, Set Duration. Note: Not setting the patch window will allow the cloud agent to take as much time as it needs to complete the job.]

Run jobs “on demand” or schedule them to run at regular frequencies.

Opportunistic Patch Download

[Screenshot: Additional Job Settings. "Enable opportunistic patch download": The agent attempts to download patches before a scheduled job runs. "Minimize job progress window": Allow end-users to minimize message windows.]

You can “Enable opportunistic patch download” to allow agents to download required patches prior to the start of a scheduled job.

Patch Window

[Screenshot: Patch Window setting with "Set Duration" selected and a patch window of 6 Hours: "You can configure a patch window to run the deployment job only within a particular time frame." Note: Setting this will restrict the agent to complete the job within the specified patch window (e.g., start time + 6 hrs). The job gets timed out outside this window.]

• A host will display the “Timed out” status if the patch installation does not start within a specified patch window.
• Select the “None” option to give agents an unlimited amount of time.
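An added sketch (not Qualys code) of how the patch window and opportunistic download settings decide which hosts end in “Timed out”. It assumes installation can begin once the agent is online and the patches are downloaded, and that opportunistic download only helps agents that were online before the job start; the host data and the “Install started” label are constructed.

```python
from datetime import datetime, timedelta

TIMED_OUT = "Timed out"          # status named on the slide
STARTED = "Install started"      # label invented for this sketch


def host_outcome(job_start, window_hours, online_at, download_minutes, opportunistic):
    """Outcome for one host.

    window_hours is None for the "None" option (unlimited time).
    online_at is when the agent is first reachable; it may be before job_start.
    """
    # The job cannot begin on a host before both the schedule and the agent allow it.
    ready = max(job_start, online_at)
    # Assumption: patches are already on disk only if opportunistic download was
    # enabled and the agent was online ahead of the scheduled start.
    predownloaded = opportunistic and online_at < job_start
    if not predownloaded:
        ready += timedelta(minutes=download_minutes)
    if window_hours is not None:
        window_end = job_start + timedelta(hours=window_hours)
        if ready > window_end:
            return TIMED_OUT
    return STARTED


def fleet_outcomes(job_start, window_hours, hosts, opportunistic):
    """Map host name -> outcome for every host in the job."""
    return {h["name"]: host_outcome(job_start, window_hours, h["online_at"],
                                    h["download_minutes"], opportunistic)
            for h in hosts}


def needs_follow_up(outcomes):
    """Hosts that stayed unpatched because the window closed first."""
    return sorted(name for name, status in outcomes.items() if status == TIMED_OUT)


# Constructed job and hosts.
JOB_START = datetime(2021, 11, 1, 0, 30)
HOSTS = [
    # Always-on server with a fast link.
    {"name": "srv-01", "online_at": datetime(2021, 10, 31, 20, 0), "download_minutes": 45},
    # Laptop that is powered on only the next morning.
    {"name": "lap-02", "online_at": datetime(2021, 11, 1, 9, 0), "download_minutes": 45},
    # Remote-office server on a slow link: download alone takes 6 h 40 min.
    {"name": "srv-03", "online_at": datetime(2021, 10, 31, 22, 0), "download_minutes": 400},
]

if __name__ == "__main__":
    for label, window, opp in (("6 h window", 6, False),
                               ("6 h window + opportunistic download", 6, True),
                               ("no patch window", None, False)):
        print(label, "->", needs_follow_up(fleet_outcomes(JOB_START, window, HOSTS, opp)))
```

A timed-out host is still vulnerable after the job reports complete, so the follow-up list is the part worth tracking when a window is set.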


Windows Communication Options

[Screenshot: Deployment and Reboot Communication Options: "Define user (recipient) patch deployment communication and reboot warning messages to encourage and educate the user about patch installment and the reboot cycle." Reboot messages:
- Suppress Reboot: Asset reboot is suppressed and users are not prompted for reboot post patch installation.
- Reboot Request: Show a message to users indicating that a reboot is required. (If no user is logged in, the reboot will start immediately after patch deployment.)
- Reboot Countdown: Show countdown message to users after deferment limit is reached.]

Choose the type of “Deployment and Reboot Communication Options” for each Deployment Job.


Host “Pop-Up” Messages 


“Pre-Deployment 
and “Reboot 
Request messages 
can be configured 
with deferment 
options. 


Qualys Patch Management


Pre-Deployment Message.


Deployment Complete Message.


Deployment in Progress.


Reboot Request Message


PM Processes & Executables


[Screenshot: Windows Task Manager, Processes tab, with “Qualys Cloud Agent” and “Qualys Cloud Agent UI” among the listed processes.]


When patching is active on a Windows host, patching messages and notifications
are managed by the “Qualys Cloud Agent UI” process (QualysAgentUI.exe).


‘stdeploy.exe’ is the name of the patching executable.


Linux Communication Options


Reboot messages 
Suppress Reboot 


Asset reboot is suppressed and users are not prompted for reboot post patch installation 


Reboot Countdown 
Show countdown message to users after deferment limit is reached 


TITLE: Reboot countdown started


MESSAGE: The system reboot is initiated. It will reboot automatically after the timer countdown.


START COUNT-DOWN FROM: 15 Minutes


Additional Job Settings 


Continue patching even after a package fails to install for a patch 


Enabling this setting ensures that if one of the packages for the patch fails to install, installation of other packages is
attempted.


“Add to Existing Job”?


[Screenshot: “Add Patches: Existing Deployment Jobs” list with columns STATUS, JOB NAME, CREATED BY and SCHEDULE, showing three jobs: Scheduled - Recurring, Scheduled - Run Once and On Demand - Run Now.]


• Patches and assets can be added to any deployment job before it is enabled.
• Patches and assets can be added to a “recurring” job both before and after it
is enabled.


Job Status


[Screenshot: JOBS tab listing “.Net Job” (Install Job, On-demand) and “Adobe Job” (Install Job, Once, 1:00 PM), with a “View Details” action.]


View Job Status:

• Enabled - Job is presently active.
• Disabled — Job is presently inactive.
• Completed — Job has completed.


View Job Progress


[Screenshot: job progress list showing the per-host status (Pending, Completed) for three Windows Server hosts.]


Best Practices


• Use Asset Tags as targets for patch deployment jobs.


• Deploy patches to test hosts first (create Asset Tags that
distinguish between test and production assets).


• Once test deployments are verified, clone the
deployment job and include production asset tags.


[Screenshot: JOBS tab “Actions” menu with View Details, View Progress, Edit, Change Job Owner, Delete, Enable, Disable and Clone.]


Clone an existing job


Patch Catalog 


Patches 


[Screenshot: Patch Catalog on the PATCHES tab, showing 35.3K total patches (1-50 of 35298), APP FAMILY and VENDOR filter counts, and a list of patch entries.]


• The Patch Catalog contains tens of thousands of OS and application
patches.
• Presently, you can add up to 2000 patches to a single job.


Lab 15: Patch Catalog


Please consult pages 58 to 61 in the lab tutorial
supplement for details.


Tutorial begins on page 58. 10 mins


Catalog’s Default Display Filters


[Screenshot: Filters menu with Patch Status (Missing, Installed) and Only Latest Patches (Non-superseded): Yes.]


The default filters in the Patch Catalog display patches that are missing and
only the latest patches (non-superseded).


Acquire From Vendor


[Screenshot: Patch Catalog filtered with the query downloadMethod:AcquireFromVendor, listing Microsoft Power BI De... patches (PBID-200728, PBID-200723).]


Patches identified with the “key-shaped” icon cannot be downloaded by
Qualys’ Cloud Agent.


Prioritized Products


• Focus on products in your environment that are important to patch
on a regular basis.


• Prioritizes products that have introduced the most vulnerabilities
(over the last 2 years).


• Create a “zero-touch” patch job targeting products with the most
vulnerabilities:


1. Patches are selected using QQL.


2. Selected patches are included in recurring deployment jobs (daily, weekly,
monthly).


• Click the “Prioritize Products” button from the Patch Catalog.


Create Job Using Query


[Screenshot: “Prioritized Products” report with an Actions menu offering “View Related Patches” and “Create Job using Query”.]


This report enables you to view the total number of product vulnerabilities (active and fixed) detected in your environment over the last 2 years.


Select applications from the “Prioritized Products” 
list and use the “Actions” button to “Create Job 
using Query.” 


A query designed to target the selected products is 
constructed automatically (using QQL). 




Create a Query for Patches 


Select Patches 


Choose the patches you want to install for the selected assets or create a query for the job. 


[Screenshot: radio buttons “Select Patches” and “Create a Query for Patches”.]


Note: For optimum performance, only missing and non-superseded patches that match the QQL criteria will be added to the job.


The generated query condition(s) will specify the criteria for selecting patches 
each time the job runs: 


o daily
o weekly
o monthly


Course Resources


VMDR Certification Exam 


https://gm1.geolearning.com/geonext/qualys/scheduledclassdetails4enroll.geo?&id=22511237827 


VMDR Trial Account 


https://www.qualys.com/forms/vmdr/


You will find the exam link and trial account link at the back of the VMDR Lab
Tutorial Supplement.


Qualys.


Continuous Security 


Thank You 


training@qualys.com